Hi again,

I've got an issue related to my earlier problems with GRE tunnels and OSPF.
My OpenBSD box acts as a (NAT) router between my local network and the IPv4
Internet. Additionally there is a GRE tunnel between the box and a server
over which I route into the IPv6 Internet. What happens is that after I add
the IPv6 default route on gre0 I lose IPv4 connectivity on the local
network. The whole setup looks like this:

                                                  GRE (fe80::acfa:ffa0)
       GRE (fe80...) _________________________   ______ IPv6 Router --- IPv6 Internet
                    /                         \ /
LAN -------------- OpenBSD ----- Modem --- IPv4 Internet
(172.22.94.64/27)  172.22.94.1
                   2001:470:9ed3:1423::

The GRE tunnel endpoints don't have public IPv6 addresses and I add the
default route on the router via
"route -n add -inet6 default fe80::acfa:ffa0%gre0". ICMPv4 still works on
the LAN but establishing TCP connections fails initially, hinting that my
firewall config is somewhat skewed. On the first connection request to an
IPv4 host on the Internet the router doesn't NAT the packets, forwarding
them with the LAN IPv4 address to the modem. Subsequent requests get NATed
correctly. My pf.conf looks like this:

set skip on lo
set skip on enc0
set skip on gre0
pass
match out on egress inet from !(egress:network) to any nat-to (egress:0)
pass out quick

I'm still not that familiar with OpenBSD, but I've read all relevant man
pages and couldn't find an explanation for this behavior.

Regards,
Benjamin Kiessling